Privacy Interest Group Monthly Meeting - August 2016
25 Aug 2016

See also: IRC log


keiji, Christine, JoeHallCDT, wseltzer, npdoty, craig_spiezle, gnorcie, chaals


<keiji> 648 986 475

<scribe> scribe: JoeHallCDT


<scribe> scribeNick: JoeHallCDT

<wseltzer> present=

<wseltzer> present=keiji,Christine,JoeHallCDT,wseltzer

<tara> Simon if you are on WebEx - do you have audio?

christine: first agenda item, welcome and introductions

Craig Spiezle of OTA introduces himself

?? was going to solicit comments from PING and compile them

<christine> marta from Blockstream

there is something in github, but not sure there have been much interaction with that

<npdoty> I don't see wake-lock in Github

<npdoty> ah, I see the pull request now

I didn't know we had wake-lock on our plates

tara: seems to be a PR from Marta

<npdoty> https://github.com/martasect/ping/blob/af74fb50958671f248b521f215a9b953019ec6cc/wake-lock-privacy.md

<wseltzer> https://github.com/w3c/ping

tara: folks from wake-lock presented at the last PING telecon
... combination of privacy and security sections in their document
... particularly interested in side channel risks
... e.g., use another API that would cause a wake
... Marta had asked if people could look at and comment, she would welcome that input
... they wanted feedback by the end of August

<christine> webex - http://mit.webex.com/mit/j.php?MTID=meda7c1b71d647aefa4377d4610c67648

wseltzer: how would this group like to manage it's github repo?
... we have WG groups working on specs, editors approve of PRs, anyone can comment/make PRs
... whomever authors a document could accept pull requests on a document
... q: should we accept the PR from Marta to start the discussion on wake-lock

npdoty: we've been doing separate repos for separate spec-like documents
... that makes sense to track issues, etc., specific to those lines of work
... sounds fine with me

Christine: anyone have problems with that? (no one did.)

<npdoty> can use the single PING github repo for gathering feedback documents, reviews, etc., which I think the TAG has also been doing

Christine: we should help Marta by indicating we'll collectively take a look
... and some of us can help deal with any learning curves for github (marshal email ffeedback into the repo)
... Marta is concerned about any issues about making sure the wake-lock can be narrowed to specific applications
... please have a look and share thoughts on the email list

npdoty: deadline is end of August?

tara: when the original email request came out, they said in passing they'd like comments by the end of August

christine: even if we can't reach consensus in time as PING, it's very helpful for them to have individual feedback
... so they can incorp. into securit and privacy considerations

<christine> Agenda item 3 - Fingerprinting guidance

christine: reached out to IETF IAB privsec program, invited them to review it and give feedback
... have they been in touch with you?

npdoty: haven't heard anything back.
... we did get back to the TAG, and now I have some more issues from them

christine: is the next step to take into account comments from TAG

is this before a formal group note, or did we do that?

<npdoty> https://github.com/w3ctag/spec-reviews/issues/38#issuecomment-236352266

npdoty: the last rev tried to take care of all of our issues

<npdoty> https://github.com/w3c/fingerprinting-guidance/issues/13

<npdoty> https://github.com/w3c/fingerprinting-guidance/issues/12

npdoty: feedback from TAG was considerably longer, so we'll want to look at those

<npdoty> https://github.com/w3c/fingerprinting-guidance/issues/6

npdoty: these issues (links here) are harder for npdoty to deal with himself
... I could use help in making the document more actionable
... decision tree, Q&A style response, so that it would be useful to engineers who want to try to incorporate guidance into their own work
... would be helpful to get feeback from folks that could apply the guidance to their own document
... and get back feedback on "this was helpful" or "here is what helped me in my own document"
... this is issue 13 and is the hardest… we need some good ideas/advice here in terms of actionability

christine: solution: (?) send an email to the PING list to focus people's attention on those three issues
... we can check with the chairs to see if we can find someone to help you with actionability

npdoty: that would work, we could also take fingerprinting document into the next review we do

<chaals> [+1 to npdoty's idea of "field-testing]

christine: wake-lock is probably not a good candidate (not really.)

npdoty: any of the sensors work should be good

christine: Lucasz would be helpful? (maybe)
... let's see if we can think of someone to help Nick and what would be a good field test
... will take it to the list


<tara> Thanks Nick!

JoeHallCDT: is this yet a group note?

christine: it's a draft group note with the ambition of being a group note?

npdoty: yes, the thing we are calling a draft group note was out for feedback and we want to wrap that up

JoeHallCDT: we can give IAB program a few weeks for feeback

<christine> Agenda item 4: Privacy questionnaire

christine: apologies, I need to find time to chase people up about this
... will try to jumpstart interest in it by picking a piece of it to have a discussion on the email list
... they may be a bit daunted by looking at the whole document, so let's carve off smaller more interesting bits for discussion

npdoty: Greg, I think we had some discussion on the list about some common cross-origin problems

gnorcie: thinking less about fingerprinting but more about cross-origin leaks and stuff

<npdoty> https://github.com/gregnorc/ping-privacy-questions/issues

npdoty: will raise an issue


<christine> Agenda item - TPAC

tara: we now have a meeting for PING on Tuesday of TPAC
... tried to not have conflicts with WebAppSec, etc.
... no agenda just yet (Joe has not been helpful there!)

I'll be there!

<keiji> I will

<npdoty> Nick regrets, but would like to call in if possible

<christine> Christine, regrets too

tara: we have set up A/V to accommodate remote participatoin
... we need to identify what would be the most productive to work on in the f2f meeting
... privacy questionnaire, would that be helpful, Christine? (yes.)
... can evaluate the state of fingerpriting guidance at that time
... last time we had presentations from other WGs
... if there is anything else we want to bring up feel free

<npdoty> I think presentation from groups and identification of common issues raised in other working groups is very useful at TPAC

tara: will send out a note to the list with draft agenda, solicitiing topics

npdoty: meeting on Tuesday is different than what we've done usually…
... won't be able to do what we've done in the past in terms of "here are things we've seen this week"

tara: that's a good point, will want to touch base after the meeting for that purpose too

<npdoty> (what time of the day will the meeting be in Europe? and what timezone?)

<npdoty> 4 October, maybe?

JoeHallCDT: we could have a PING call the week after TPAC

4 Oct WFM

that's a tuesday, just note

tara: Tuesday meeting is all-day, Lisbon time (08:30-18:00 local time)

lisbon is GMT, I think

<npdoty> 1am to 9am Pacific Time?

christine: web privacy news!!!

<christine> Agenda item - web privacy news

christine: developments terrifying or otherwise?
... Lucasz had sent a link around about CSS hijacking

<tara> To respond to Nick - yes, that timezone is about right; 1am to 10am PT, which suggests having later afternoon TPAC-time for items relevant to West Coat USA folks!

<gnorcie> URL: https://github.com/jlund/streisand

<npdoty> tara, either first thing in the morning, or late in the afternoon would work well for me

<chaals> [thanks all. Sorry about not being able to attend the meeting at TPAC, but I'll see some of you there I hope]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2016/08/25 16:53:29 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/Blockchain/Blockstream/
Found Scribe: JoeHallCDT
Inferring ScribeNick: JoeHallCDT
Found ScribeNick: JoeHallCDT

WARNING: No "Topic:" lines found.

WARNING: Replacing previous Present list. (Old list: wseltzer, tara, weiler, christine, Andrey_Logvinov, Barry_Leiba, marta, mikeoneill, terri, keiji, npdoty)
Use 'Present+ ... ' if you meant to add people without replacing the list,
such as: <dbooth> Present+ keiji, Christine, JoeHallCDT, wseltzer, npdoty

Present: keiji Christine JoeHallCDT wseltzer npdoty craig_spiezle gnorcie chaals
Regrets: weiler

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 25 Aug 2016
Guessing minutes URL: http://www.w3.org/2016/08/25-privacy-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

[End of scribe.perl diagnostic output]